Chrome and Firefox are very popular. For both browsers there are numerous add-ons – such as advertising blockers, help tools for images, movies, downloads, screenshots and much more. But not all add-ons are well-meant tools that only help you free of charge. Many of these tools spy on you and harm you without you noticing. The DataSpii report now shows what these add-ons know and what they do with the spyed data.
Spying Browser Add-Ons: Over 4 million victims
8 sniffing browser add-ons were found – over 4 million users (mainly in the USA) are affected. According to the DataSpii report, these add-ons read the entire browser history as well as all links on a page called up and store this information. This is especially critical when searching for personal things. The search queries and the browser history alone provide insights into the private life that we do not want to share with strangers.
Attention: Some links lead directly to private accounts.
But it gets even worse: Many links that you would never find via websites or Google search, because they lead to hidden, protected or private pages, are actually visible in this way. These links usually have an arbitrary and very long sequence of letters and characters somewhere in the URL and are either sent individually by email, or generated after login to a portal. Examples of extremely sensitive information found via these links according to the DataSpii report are:
- Surveillance videos of homes and businesses hosted on nests or other security portals.
- Tax returns, invoices, and names of clients and their attorneys.
- Professional PowerPoint slides that were not intended for the public and were temporarily stored on Microsoft OneDrive, Intuit.com or other cloud portals.
- Vehicle identification numbers (license plates, chassis numbers, etc.) published together with the address and name of the new buyers.
- Names of patients, physicians and other sensitive details listed on DrChrono.
- Private travel plans, routes, flights and hotel bookings, which one could call up on Priveline, Booking.com or the web pages of various airlines.
- Attachments and photos from Facebook Messenger – even if the photos were tagged as private.
All the data collected by the add-ons ended up at NachoAnalytics, among other companies, where they were enriched with data and information from other sources and apparently sold on legally.
Honestly: In many cases, the sold links were unusable, because without entering a password again they were useless; but not all of them. And the examples above show how much private information can be tapped in this way.
These are the affected add-ons
In extensive research, Sam Jadali, the father of the DataSpii report, was able to identify eight add-ons that deduct and resell the data in question. These are:
- Fairshare Unlock (Chrome and Firefox)
- SpeakIt! (Chrome)
- Hover Zoom (Chrome)
- PanelMeasurement (Chrome)
- Super Zoom (Chrome and Firefox)
- SaveFrom.net Helper (Firefox)
- Branded Surveys
- Panel Community Surveys
If you have installed one of these add-ons, remove it immediately!
Using Google Chrome: Just type chrome://extensions/ into the line of the URL. After that all your add-ons will be listed.
For Firefox: Just type about:addons into the line of the URL. Here you click “…” and you can remove any add-ons.
Whether the eight providers of the uncovered sniffer add-ons or the reseller NatchoService face legal consequences is currently more than questionable, as most of the add-ons have explicitly stated in their license terms that they will collect, check and, if necessary, pass on data. But who reads the license terms? Chrome and Firefox have reacted by banning these add-ons from recommendation sites and their stores.
Generally applies: Caution with Browser Add-Ons
In addition to these eight add-ons, we generally recommend that you uninstall all add-ons that you do not know or use. Often users don’t even know what add-ons they’ve accumulated in their browsers over the years. But even if the DataSpii report doesn’t find any more like these eight “suspects”, it can’t be ruled out that there are more.
The selection of browser add-ons is too large and confusing and it is almost likely that there are other providers who collect data and resell it without your knowledge. Because the operators of the browsers themselves (Firefox, Google) are currently not doing enough to check add-ons sufficiently. So the risk of spying add-ons remains and every user is forced to solve this problem himself.
If you want to surf safely, we recommend our software Cyber Shield.